2021/11/09 Pale Moon 29.4.2 が来た件
23:17
こんばんぱ かっぱだっぱ
定例のアップデートみたいっぱねいつもより少し遅いかの? Firefox派生タブブラウザ PaleMoonの話っぱの The Pale Moon Project homepagehttps://www.palemoon.org/
前記事は2021/09/15 Pale Moon 29.4.1が来てるっぱよ?
あと、日本語の言語パックが対応されるようになったのでこれまでの利用者は、別途に導入する必要はなさそうっぱよ?
うまく行かないときは Pale Moon - Add-ons - Japanese (JP) https://addons.palemoon.org/addon/pm-langpack-ja/
こちらから注意書きをよく読んで導入だの(人Θ’o)
リリースノート曰く・・・
v29.4.2 (2021-11-09) This is a security update.
Changes/fixes: Fixed a spec compliance issue with IDN that could potentially cause confusion of domain names. Fixed several intermittent thread sanity issues. DiD Fixed a potential UAF risk in certain situations in networking. DiD Fixed a potential crash risk (not exposed). DiD Fixed a potential spoofing risk using form validation. (CVE-2021-38508) Fixed a script sandbox escape issue through XSLT. (CVE-2021-38503) Unified XUL Platform Mozilla Security Patch Summary: 3 fixed, 1 already applied, 4 DiD, 7 not applicable. Security notice: If you have enabled HTTP Alternative Services for Opportunistic Encryption, it is strongly recommended you disable this at this time through Preferences -> Security -> Opportunistic Encryption -> Enable HTTP Alternative Services for Opportunistic Encryption. This inherently weak transitional technology for http -> https has been compromised and can be abused (partial opt-in bypass). Note that our platform default for this setting (and any other OE) is disabled due to these kinds of inherent risks, as well as lack of transparency about the connection and server contacted. See CVE-2021-38507 for more details about this problem.
主にセキュリティアップデートみたいだの(´・Θ・`)
OPS暗号化にHTTP代替サービスを有効にしている場合の注意書きがセキュリティノートに書いてあるみたいだの http→httpsに切り替える機能を一部迂回して変なサイトに飛ばされるかもしれないような話だの その辺りの透明性の話で 設定→セキュリティ→(OE)→Enable HTTP Alternative Services for Opportunistic Encryption
これのチェックが外れてると思うのでその辺りの話がわからない人はチェックを入れて有効にしなくてよさそうな気配っぱ
かっぱでしたっぱ